Re: [PATCH] iopl.2: Changing description of permissions set per-process to per-thread

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Thomas,
Hello Michael,


On 28.05.20 3:22 PM, Thomas Gleixner wrote:

"Michael Kerrisk (man-pages)" <mtk.manpages@xxxxxxxxx> writes:


I expect that the small change at Thomas P proposes in this patch is
correct (i.e., iopl(2) operates per-thread, not per-process). I
remember that you touch the relevant kernel source file often. Perhaps
you are able to give a quick Ack?


   man2/iopl.2 | 6 +++---
   1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/man2/iopl.2 b/man2/iopl.2
index e5b216a14..329095808 100644
--- a/man2/iopl.2
+++ b/man2/iopl.2
@@ -39,7 +39,7 @@ iopl \- change I/O privilege level
   .BI "int iopl(int " level );
   .SH DESCRIPTION
   .BR iopl ()
-changes the I/O privilege level of the calling process,
+changes the I/O privilege level of the calling thread,


I'm fine with the s/process/thread/ changes. The permissions are really
per thread.

Though the manpage should mention that a thread inherits the permissions
from the parent, i.e. clone() vs. fork(), exec().


   as specified by the two least significant bits in
   .IR level .
   .PP
@@ -50,7 +50,7 @@ Since these X servers require access to all 65536 I/O
ports, the
   call is not sufficient.
   .PP
   In addition to granting unrestricted I/O port access, running at a higher
-I/O privilege level also allows the process to disable interrupts.
+I/O privilege level also allows the thread to disable interrupts.


This paragraph became outdated as of

    a24ca9976843 ("x86/iopl: Remove legacy IOPL option")

in v5.5. The kernel no longer allows user space to disable
interrupts. It still grants access to _ALL_ 64k ioports.

Also:


This call is necessary to allow 8514-compatible X servers to run under
Linux.  Since these X servers require access to all 65536 I/O ports,
the ioperm(2) call is not sufficient.


is outdated.

ioperm() allows to set all 64k bits, but its significantly slower than
iopl(3) because it needs to copy 8k of data on context switch while
iopl(3) just maps an 'all bits set' static bitmap.

Aside of that only really old x servers rely on iopl(3).



Thanks for your feedback. I'll update the patch accordingly.

1. Rechecking that it says that permissions are inherited from parents
2. Stating that since Kernel v5.5 it is not possible anymore to
   disable interrupts from user space
3. Removing the paragraph "This call is necessary..."
Should the man page mention that iopl is deprecated, provided only for compatibility to old X-Servers and significantly slower than ioperm?
[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux